Chapter 1.6 - Vulnerabilities Flashcards
Explain the security concerns associated with various types of vulnerabilities
Threat Intelligence
Researching threats and threat actors so you can make educated decisions and take preventive measures
Zero-day Attacks
An attack that has not been discovered yet
Open Permissions
No security on data, allowing attackers to perform actions that exploit a system
Unsecure Root Accounts
Vulnerable to takeover due to poor security configuration
Example: weak passwords
Errors
Messages that can provide useful information to an attacker
Examples: service type, version information, debug data
Weak Encryption
The encryption uses a key of insufficient length, making it easier to attack
Insecure Protocols
A protocol that introduces security concerns due to the lack of controls over confidentiality and/or integrity
Default Settings
Having preset credentials allowing access to all configurations
Open Ports and Services
Services open ports, which provide a pathway for attackers to exploit vulnerabilities in your system
Defend with a firewall
Third-Party Risks
The risk of outsourcing certain services or using software built by third parties to accomplish certain tasks
System Integration Risk
The potential for integration of technology, processes, information, departments or organizations to fail
Lack of Vendor Support Risk
Vendors not taking initiative to fix their products
Supply Chain Risk
The implementation of strategies to manage both everyday and exceptional risks along the supply chain based on continuous risk assessment with the objective of reducing vulnerability and ensuring continuity
Outsourced Code Development
Hiring a third-party service provider to handle software development projects
Data Storage
Storing data with a third-party trust?